wormclaude 1.0.171 → 1.0.173

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/commands.js CHANGED
@@ -273,6 +273,8 @@ function formatFinding(x) {
273
273
  return `${sev}${tt('missing security headers', 'eksik güvenlik başlıkları')}: ${(x.missing || []).join(', ')}`;
274
274
  if (x.type === 'path')
275
275
  return `${sev}${tt('path', 'yol')} ${x.url || ''} → ${x.status || ''}`;
276
+ if (x.type === 'info')
277
+ return `${sev}${x.evidence || x.url || 'info'}`;
276
278
  if (x.value)
277
279
  return `${x.value}`;
278
280
  // GENEL: şablon bulguları (ssrf/ssti/lfi/ldap/cmd-injection/nosql/open-redirect/crlf/graphql/cors/exposure…)
@@ -317,7 +319,7 @@ export function summarizeScan(target, findings) {
317
319
  if (low.length)
318
320
  out.push((L ? `🔵 ${low.length} düşük (minör): ` : `🔵 ${low.length} low (minor): `) + grp(low, false).map((s) => s.replace(/^ {2}• /, '')).join('; '));
319
321
  if (info.length)
320
- out.push((L ? `⚪ ${info.length} bilgi (korumalı/bilgilendirme): ` : `⚪ ${info.length} info: `) + grp(info, false).map((s) => s.replace(/^ {2}• /, '')).join('; '));
322
+ out.push((L ? `⚪ ${info.length} bilgi: ` : `⚪ ${info.length} info: `) + info.map((f) => (f.evidence || f.type || '').toString().split(' — ')[0]).slice(0, 5).join(' · '));
321
323
  // verdict
322
324
  if (high.length)
323
325
  out.push(L ? `\n➤ Sonuç: ${high.length} GERÇEK yüksek-risk açık — acil düzeltilmeli. Detaylı rapor için: /report`
@@ -496,6 +498,17 @@ async function fullScanCmd(arg, ctx) {
496
498
  all.push(...f);
497
499
  ctx.note(` ${label}: ${f.length} ${tt('finding(s)', 'bulgu')}`);
498
500
  }
501
+ // "Parametreli uç bulunamadı" notlarını TEK mesaja topla (her inject tarayıcı bir tane ekliyor → 12 kopya).
502
+ const _np = all.filter((f) => f.note === 'no_params');
503
+ if (_np.length) {
504
+ for (let i = all.length - 1; i >= 0; i--)
505
+ if (all[i].note === 'no_params')
506
+ all.splice(i, 1);
507
+ if (_np.length >= 2) {
508
+ all.push({ type: 'info', severity: 'info', url: target, note: 'no_params',
509
+ evidence: tt(`${_np.length} injection scanners found NO GET parameter to test — target inputs are likely POST forms / behind login (not covered by GET-based scanning; use a parameterized URL or test manually).`, `${_np.length} enjeksiyon tarayıcısı test edecek GET parametresi BULAMADI — hedefin girdileri muhtemelen POST form / login-arkası (GET taraması kapsamı dışı; parametreli URL ver ya da manuel test et).`) });
510
+ }
511
+ }
499
512
  const order = { critical: 0, high: 1, medium: 2, low: 3, info: 4 };
500
513
  all.sort((a, b) => (order[a.severity] ?? 9) - (order[b.severity] ?? 9));
501
514
  setLastScan(target, all); // /report için sakla
package/dist/theme.js CHANGED
@@ -16,4 +16,4 @@ export const theme = {
16
16
  synType: '#a78bfa', // tip/sınıf adları, sabitler
17
17
  synProp: '#e0e0e0', // özellik/anahtar adları
18
18
  };
19
- export const VERSION = '1.0.171';
19
+ export const VERSION = '1.0.173';
package/dist/tools.js CHANGED
@@ -741,8 +741,8 @@ async function execOne(call, hooks) {
741
741
  const _ck = tool + '|' + target.toLowerCase();
742
742
  const _cached = _scanCache.get(_ck);
743
743
  if (_cached && Date.now() - _cached.t < 120000) {
744
- return { ok: true, args, output: _cached.out
745
- + '\n\n[ALREADY-SCANNED] This exact scan just ran — results above. Do NOT scan again. Answer the user from these findings (explain / prioritize / translate / show fixes). Re-scanning is a loop.' };
744
+ // SADECE kısa DUR notu bulguları TEKRAR verme (yoksa model onları yeniden yazıp tekrar çağırır).
745
+ return { ok: false, args, output: `[ALREADY-SCANNED] "${tool} ${target}" already ran — its findings are ALREADY in the conversation above. STOP: do NOT call SecurityScan again. Reply to the user in TEXT now using those findings. Another scan call is a forbidden loop.` };
746
746
  }
747
747
  try {
748
748
  const { runPentest } = await import('./pentest.js');
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "wormclaude",
3
- "version": "1.0.171",
3
+ "version": "1.0.173",
4
4
  "description": "WormClaude CLI - uncensored security+code assistant (ink TUI, Claude-style)",
5
5
  "type": "module",
6
6
  "bin": {